This article is about the new bout of silent, unasked-for installs of browser plugins by Microsoft,
specifically .NET components, into Firefox, again, and the way Mozilla proactively handle the security
vulnerabilities present in these plugins. Furthermore, I'm going to explain what each plugin does and what you
can do about it.

Call me a fanboy, but it's always refreshing when you see a software company taking the issue of security
related to its products seriously. Online security is one of the hot topics today, the anvil of reputation
where heroes and villains of the Internet are forged.

The Mozilla people definitely stand out in the crowd, with their aggressive, proactive approach to security. In
the recent weeks, Mozilla has launched new services, which help make your Firefox a better, safer product.

Plugin Check - Keep your plugins up to date!

Mozilla Plugin Check is a very convenient service that will check all your browser plugins and let you know if
you have any that are out of date or known to have security vulnerabilities. Should any of those be found, the
Plugin Check will search for updates and install them for you.

The service is still young and there are some problems with the detection of certain items, but this will be
definitely be sorted soon.

Plugin Check started as a pilot, launched with the last Firefox update. Following the browser restart, users
running an older, vulnerable version of the Adobe Flash Player plugin landed on a page that informed them their
Flash plugin was out of date. The public response was enthusiastic, with more than 10 million visits to Adobe
website. The clickrate was also phenomenal, about 30%, whereas most banner messages of this kind elicit only
about 5% clickrate. Not only did this simple check help many Firefox users gain a higher level of security, it
also showed the positive trend of Firefox users toward security.

In the future, this service will be integrated into the browser, so in addition to browser and add-on updates,
you will also have an automated, unattended plugin self-update, which should increase the security of your
browser even further, without relying on user interaction or discipline to maintain an up-to-date baseline.

You are welcome to go to the Plugin Check page and
assess your plugin state.

Add-ons blocklist

If you've read my .NET framework article, you will know by now that
third-party companies, Microsoft in this case, have tried to add their own plugins to Firefox, as a part of
dubiously enhanced Web experience. In other words, not only do you get the application installed, you get Web
browser plugins for related online technologies you did not ask for.

Well, Microsoft have somewhat rectified their practice, by making the uninstallable add-on uninstallable, but
that does not change the fact that Firefox users get their browsers pimped by with unwanted steroids. The worst
part of all is, most of these add-ons are riddled with security holes, turning your decent browser into Swiss
cheese.

It seems that Mozilla people have had enough. So much that they have developed the Add-ons blocklist! Ta-dam!
What happens is, should you try to install any plugin that has known, unpatched vulnerabilities, it gets
blocklisted - disabled by default. Your browser stays safe. Very commendable.

Let's take a look at the blocklist: mainly all sorts of useless toolbars, some download managers, even an
anti-virus component, and Microsoft .NET Framework Assistant.

Indeed, after you install .NET 3.5SP1 and launch Firefox, you get this prompt:

Or, if you already have the said plugins installed, you may see a popup, informing you that vulnerable plugins
have been disabled, due to stability or security problems. At this point, you just need to restart Firefox and
continue working normally.

I'm pleased.

It turns out this move was coordinated with Microsoft and the plugins may yet be unblocked, then possibly
blocked and unblocked again in the future, but it shows the right train of thought and a serious commitment to
user security.

Other plugins

You may encounter a few more Microsoft plugins inside your browser, including Microsoft DRM items. The big
questions are, do these pose any issues and should you disable them?

Those plugins are all related to Windows Media Player. The two DRM plugins and the Dynamic Library are the
standard plugins. Windows Media Player Firefox Plugin is the new, for more recent versions of both Windows
operating system and Firefox browser itself.

If you're asking me, you can safely disable the older, legacy plugins and see how it goes. You should have no
problem playing Windows Media inside your browser. But if you notice the loss of functionality, you can always
restore them. The most important thing is, you definitely do not need them both. The older ones are a legacy
leftover and are superseded by the new plugin.Besides, 99.9% of all media content is Flash, so you probably
won't be missing anything.

Conclusion

I really, really like this approach. Rather than wait for users to come storming the castle with pitchforks and
torches, Mozilla takes three steps ahead and tries to anticipate the shifty, shifting needs of the chaotic
browser market. Lots of emphasis is placed on security without harming the user experience, which is evident
from the numerous services used and created to make the Firefox usage as streamlined as possible.

Furthermore, this is the right approach to a serious issue. If your browser gets compromised, people will not
go to their plugin vendors and complain. They will only know that their browser got compromised and that's it.
Mozilla cannot afford to let this happen, which is why they take such drastic control of their baby.

With Plugin Check and Add-on Blocklist, Firefox security has just jumped two notches higher. This is good news
for any security-loving Firefox fan.